It seems to me that these proposals ( see my previous post for details) have to be considered from the point of view of politics and doctrine rather than what they say about data protection – the latter is largely subordinate to the former, in my view. “Reversing the Rise” is the best euphemism for Cuts we’ve had so far; only now everyone is OK with the Cut word. But what are the reasons for the cuts?

We have two types of Conservatism on display (and not only here). There is the small state, Thatcherite, tendency, and the modernising tendency. For the small state, public sector disliking, deregulating tendency, the Database State is a wonderful target, because it is a good example of the big regulatory state, and because it can be attacked for that reason but from behind the cover of a big tent privacy alliance.

Continue Reading ››
The European Data Protection Supervisor must be very opinionated, since the Official Journal of the European Union has today published online no fewer than four EDPS Opinions. They are, respectively, on
* the Proposal for a Regulation establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person (COM(2008) 820 final) here

* the Proposal for a Regulation concerning the establishment of ‘Eurodac’ for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] (establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person) (COM(2008) 825) here

* the Initiative of the French … Continue Reading ››
Dominic Grieve (left), the UK Shadow Justice Minister, has published his proposals on "Reversing the Rise of the Surveillance State", which can be found here on the Conservative Party's website.

In spite of the title - will the Surveillance State whizz off backwards at great speed to where it all started Rising? - Datonomy readers are urged to inspect the document.

And perhaps there is something unconsciously symptomatic in that title.We might ask, less jocularly, how it is that something which is going backwards is also in some other sense going somewhere new, rather than back to the past, perhaps an innocent pre-technological past. The progressive component in the proposals is not yet clear to me.

Do the Conservatives really understand the modern world, or is it just that they don't like it?

Continue Reading ››
BSI issued yesterday a media release (remember when they used to be called press releases?) on its new online data protection tool. According to the release:
"BSI ... launches BSI Data Protection Online, an online tool designed to help organizations with the effective management of personal information ...
The new online self-assessment tool offers guidance and self-assessment in support of BS 10012, the data protection standard published by BSI earlier this year [reported by Datonomy here]. The standard provides a framework which enables effective management of personal information, paving the way for an infrastructure for maintaining and improving compliance with data protection legislation.
BSI Data Protection Online enables an organization to systematically work through its Personal Information Management System (PIMS), testing strengths and identifying areas for improvement. This process develops confidence in procedures and practices and will ultimately help … Continue Reading ››

Following on from yesterday's taster, this post looks at the UK-law issues surrounding the use of Flash cookies.

We are not aware of any reliable data on the prevalence of Flash cookie usage in the UK. However, a recent study by researchers at the University of California, Berkley, USA (available here) found that 54 of the 100 most popular US websites used them. Of those 54 websites, only four sites mentioned the use of Flash cookies as a tracking mechanism in their privacy policies. Further, of six randomly selected US Government websites, three were using Flash cookies to retain the personal information of users.

If the use of Flash cookies without disclosure to users is as prevalent in the UK as in the US (and, moreover, if the UK Government are making use of Flash cookies as their US counterparts … Continue Reading ››

Readers of Datonomy, more than most, may well already be aware of the characteristics and usage of Flash cookies. For those who aren't, here's a quick introduction:

Cookies (whether traditional HTTP cookies or Flash cookies) are used for authenticating, session tracking and remembering specific information about website users, such as site preferences or the contents of their electronic shopping carts. Many people choose to delete HTTP cookies by altering privacy settings on their computer and clearing their web history. In fact, several studies have found that over 30% of users delete first party HTTP cookies once a month. In 2005, United Virtualities (an online advertising company) developed a backup ID system for cookies that were being set up by websites, ad networks and advertisers but increasingly deleted by users. This was called a Persistent Identification Element (PIE) and this was used to create a … Continue Reading ››
The Information Commissioner Christopher Graham has called for stronger and custodial penalties to deter those who trade illegally in personal information. Current penalties are too slight, he argues; and courts are, he implies, encouraged by the current low tariff to ignore it altogether. A tough response is what he wants, which will send the right signals about data protection. But is he right?

A regulatory scheme like the current data protection scheme rests, it seems to me, mainly on a set of rules that provide prompts and prohibitions. Once players have agreed to play the game and understood the rules, rational action ensues. If someone breaks the rules in a game like this, then the appropriate response is educational and persuasive rather than coercive. If you take the latter course too often or too heavily, then you … Continue Reading ››